Fortanix™ Inc., the Runtime Encryption® company, today announced that its Self-Defending Key Management Service (SDKMS), the world’s only cloud service secured with Runtime Encryption® technology, protects organizations from software vulnerabilities that can allow hacker attacks similar to the recent Equifax data breach.
Today encryption secures data at rest as well as in transit with technology such as Transport Layer Security (TLS). As an example, when banks provide data to Equifax they use TLS, but once the data is used by Equifax, it’s decrypted and exposed. The exposed data provides an opportunity for hackers to try all possible vulnerabilities to find and steal the exposed data. In the case of Equifax, a vulnerability in the Apache Struts software provided the path for hackers to connect to the personal data, a breach which affected 143 million people.
Fortanix’s Runtime Encryption® protects applications and data during use and computation. Runtime Encryption® allows general-purpose computation on encrypted data without exposing sensitive data to untrusted operating systems, root users, cloud providers, or malicious insiders. Even with vulnerable software such as Apache Struts, hackers access only encrypted data which is undecipherable. Hackers will always be able to use vulnerable applications to connect to servers. But encryption during runtime ensures that even when this happens, private data remains encrypted and unusable to hackers.
“Runtime Encryption® keeps data encrypted and secured when applications are using the data,” said Ambuj Kumar, Fortanix CEO and co-founder. “As we saw in the Equifax case, encryption would have protected the population’s sensitive data during runtime processing. An approach that combines encryption with best practices in developing secure applications can reach new heights in securing data.”
Secured with Intel® SGX, Fortanix’s SDKMS is the world’s first and only key management solution that is secure from cloud providers and government subpoena; that is cloud agnostic, built to scale, and provides software flexibility with hardware security module (HSM) grade security. SDKMS offers central management, tamper-proof logging, rich access control, and massive scalability. Organizations use SDKMS to secure their sensitive cloud and traditional applications, including digital payments, PKI systems, IoT applications, silicon manufacturing, and remote TLS terminations – all while drastically reducing integration complexities and expenses.
Fortanix, Runtime Encryption, and Self-Defending Key Management Service are trademarks of Fortanix, Inc. All other trademarks are the property of their respective owners.